A recent public statement from the U.S. Securities and Exchange Commission implied that those engaged in writing and publishing code might need to worry about running afoul of securities laws. In its statement about the cease and desist order against the co-founder of decentralized cryptocurrency exchange EtherDelta, the SEC indicated that someone who simply “provides an algorithm” might be found to be running a securities exchange. In the order itself, the SEC stated that EtherDelta’s creator had violated securities laws because he “wrote and deployed” code that he “should have known” would contribute to EtherDelta’s alleged violations. EFF today sent a public letter reminding the agency that writing and publishing code is a form of protected speech under the First Amendment, and that the courts don’t take kindly to government agencies requiring people to obtain licenses before exercising their free speech rights.

EtherDelta was founded by Zachary Coburn. The SEC charged Coburn with running an unregistered national securities exchange, and he settled and agreed to pay over $300,000. While EFF takes no position on whether other aspects of EtherDelta violated the law or SEC regulations, EFF urged the SEC to clarify its dangerously broad language regarding potential liability for merely writing and publishing code.

Setting aside whatever other issues the SEC might have had with EtherDelta, there are many reasons why software that enables decentralized currency or other exchanges may be useful to consumers. That’s why it’s important that regulatory interventions today don’t stifle that innovation by claiming they can impose liability merely for the act of writing or distributing code.

Centralized exchanges invest power in a central intermediary, which can freeze the funds of customers, block certain customers from the platform, or block specific transactions, with no obligations to provide affected customers with an appeals process. Centralized exchanges can suffer outages that prevent customers from accessing their digital currencies. These centralized exchanges are also a target for criminals seeking to steal customer funds, and can themselves be run by unscrupulous individuals who abuse their access to customer funds and data.

For these and other reasons, EFF has called on cryptocurrency exchanges to adopt best practices around defending user rights, including issuing regular transparency reports. It’s also not surprising that regulators are cracking down on exchanges, and indeed EFF supports regulators stepping in to hold exchanges accountable for engaging in fraud, theft, and other misleading business practices.

But there’s also a technological response to the risks of centralized exchanges, and that’s where decentralized exchanges come in.

Decentralized exchanges allow for the exchange of digital currencies using smart contracts. Requests to sell and buy cryptocurrency can be submitted to a smart contract that matches and completes these transactions. Decentralized exchanges often don’t need to hold funds for customers—rather, customers can maintain possession of their cryptocurrency, and the decentralized exchange can automatically complete exchanges without taking possession of the assets. Decentralized exchanges thus do not need to hold a honeypot of money that might attract criminals, as centralized exchanges do, and cannot themselves steal funds. Furthermore, because trades are not approved by an individual or company, they cannot easily be censored by an intermediary.

Decentralized exchanges are in their earliest stages of development. They aren’t widely used right now, but this is an area of rapid research and innovation. Many cryptographers and programmers are experimenting with smart contract systems to develop new systems to help users correct the power imbalances they face when engaging in online transactions.

When describing its action against EtherDelta, the SEC argued that EtherDelta “provided a marketplace for bringing together buyers and sellers for digital asset securities through the combined use of an order book—a website that displayed orders—and a smart contract run on the Ethereum blockchain.” The SEC said it would take a “functional approach” to determining whether something was or was not an exchange that should register with the SEC: “The activity that actually occurs between the buyers and sellers—and not the kind of technology or the terminology used by the entity operating or promoting the system—determines whether the system operates as a marketplace and meets the criteria of an exchange under Rule 3b-16(a).”

The SEC wrote:

A system uses established non-discretionary methods if it provides a trading facility or sets rules. For example, an entity that provides an algorithm, run on a computer program or on a smart contract using blockchain technology, as a means to bring together or execute orders could be providing a trading facility. As another example, an entity that sets execution priorities, standardizes material terms for digital asset securities traded on the system, or requires orders to conform with predetermined protocols of a smart contract, could be setting rules. Additionally, if one entity arranges for other entities, either directly or indirectly, to provide the various functions of a trading system that together meet the definition of an exchange, the entity arranging the collective efforts could be considered to have established an exchange.

The SEC’s broad language about “an entity that provides an algorithm” could include cryptographic researchers and coders who are publishing ideas or code for debate and discussion, and working to develop systems that could benefit the public. Even if the individuals never deployed the code and never actively maintained or promoted a decentralized exchange, this overly broad language implies the SEC could well expect people merely writing and publishing code to register as a national securities exchange or face liability.

The free speech protections enshrined in the First Amendment and upheld through court cases across decades include the rights of individuals to publish their ideas without preemptively obtaining a license.

This isn’t just dangerous because it could quell research; it’s unconstitutional. The free speech protections enshrined in the First Amendment and upheld through court cases across decades include the rights of individuals to publish their ideas without preemptively obtaining a license. And code itself is speech. EFF fought to establish this principle in 1995, which led a federal court to strike down Commerce Department export restrictions on encryption technologies for exactly this reason, ruling that forcing cryptographic researchers to obtain a license before publishing their work was a gross violation of the freedom of expression. Other courts have recognized this principle, and today it is not controversial that writing code implicates the same First Amendment protections as writing in any other language.

Imposing liability on coders and researchers who fail to obtain a license as a national security exchange prior to publishing their code on GitHub or describing their methods in a white paper would similarly be an affront to the First Amendment. This would unfairly hamper the expressive rights of countless coders and researchers in this space. As we explained to the SEC, restricting the ability to merely write and publish code would fail the well-established test for imposing restraints on speech. Courts have found that such restraints are justified only in unusual and extreme circumstances, and they must survive the most exacting scrutiny.

There were many facts in the specific case of EtherDelta that may have attracted the SEC’s attention, but the act of publishing code used in a decentralized exchange should not be one of them. As we said in our letter to the SEC, it is crucial that those engaged in developing protocols, verifying transactions through mining, and writing code are not held liable for operating, or assisting with operating, a securities exchange. Imposing regulatory or criminal liability for such activity would run afoul of the First Amendment.

Related Updates

Facebook’s new cryptocurrency Libra has garnered attention from lawmakers and consumer groups since it was announced last month. And it’s no wonder: with a wince-inducing history of data disclosure scandals, the Facebook brand has become synonymous with ineptitude at protecting privacy. They’re bringing that tarnished reputation to cryptocurrency...

EFF and Open Rights Group today submitted formal comments to the British Treasury, urging restraint in applying anti-money-laundering regulations to the publication of open-source software. The UK government sought public feedback on proposals to update its financial regulations pertaining to money laundering and terrorism in alignment with a larger European...

A member of the U.S. House of Representatives last week called for a bill outlawing Americans from making cryptocurrency purchases, aligning with anti-cryptocurrency policies and approaches in countries such as Iran and Egypt. There is no language for this potential bill or any explanation of whether such...

Coin Center’s Peter Van Valkenburgh published a report exploring the potential Constitutional concerns should aggressive regulators attempt to crack down on the coders developing ideas for cryptocurrencies and decentralized exchanges. For long-time readers of the EFF blog, some of these ideas will seem familiar. EFF has been asserting that publishing...

The blockchain ecosystem has drastically changed over the last nine years, and the realities of today don’t closely resemble how many early enthusiasts imagined Bitcoin would evolve. People are no longer mining Bitcoin on their home laptops, and most people aren’t storing private keys on their own hard drives and...

Imagine running an online business for 17 years, only to have your ability to collect payments suddenly turned off. No real explanation. It’s happened to Roz and Nir Arbel now—twice. The Arbels run an online community called Soulseek. Originally intended to be a dating service, Soulseek today consists of various...

Eighteenth century writer and philosopher the Marquis de Sade spent the last 13 years of his life in prison for his crimes of writing pornographic novels such as Justine and Juliette. Today those who explore and write about similar sexual fantasies online—now known as BDSM and grounded in the consent...

Succumbing to years of government pressure, the online classified ads website Backpage.com has shut down its adult servicessection. Just like Craigslist before it, Backpage faced the difficult choice of censoring an entire forum for online speech rather than continue to endure the costly onslaught of state...

Rainey Reitman, the activism director of the Electronic Frontier Foundation, criticized MasterCard and Visa for removing support for Backpage, writing earlier this month, “We don’t need Visa and MasterCard to play nanny for online speech. Payment processors and banks shouldn’t be in the position of deciding what type of...

Visa and MasterCard confirmed that they have cut off payment services for Backpage.com, an online platform for people to advertise goods and services. This was in response to public pressure from Cook County Sheriff Tom Dart, who wrote to executives at both of the payment processors urging them to...